Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Emails about: Suspicious process Alerts

Discussion in 'Security' started by duobilisim, May 3, 2014.

  1. duobilisim

    duobilisim Member

    Joined:
    Jan 6, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    i got emails like this 10 times a day:

    I think its connecting dns server, but i dunno why its alerting me? And what to do to stop this.

    Subject: lfd on s1.mydomain.com: Suspicious process running under user myuser

    Code:
    Time:    Thu May  1 15:48:27 2014 +0300
    PID:     27705 (Parent PID:27295)
    Account: myuser
    Uptime:  2107 seconds
    
    
    Executable:
    
    /usr/bin/php
    
    
    Command Line (often faked in exploits):
    
    /usr/bin/php
    
    
    Network connections by the process (if any):
    
    udp: 146.185.xxx.xxx:58125 -> 4.2.2.2:53
    
    
    Files open by the process (if any):
    
    /usr/local/apache/logs/error_log
    /usr/local/apache/logs/error_log
    
    
    Memory maps by the process (if any):
    
    00400000-00a89000 r-xp 00000000 fd:00 805934                             /usr/bin/php
    00c88000-00cf5000 rw-p 00688000 fd:00 805934                             /usr/bin/php
    00cf5000-00d03000 rw-p 00000000 00:00 0
    01e4e000-037de000 rw-p 00000000 00:00 0                                  [heap]
    7fa518000000-7fa518021000 rw-p 00000000 00:00 0
    7fa518021000-7fa51c000000 ---p 00000000 00:00 0
    7fa51f7b6000-7fa51f7bb000 r-xp 00000000 fd:00 655822                     /lib64/libnss_dns-2.12.so
    7fa51f7bb000-7fa51f9ba000 ---p 00005000 fd:00 655822                     /lib64/libnss_dns-2.12.so
    7fa51f9ba000-7fa51f9bb000 r--p 00004000 fd:00 655822                     /lib64/libnss_dns-2.12.so
    7fa51f9bb000-7fa51f9bc000 rw-p 00005000 fd:00 655822                     /lib64/libnss_dns-2.12.so
    7fa51f9bc000-7fa51f9c8000 r-xp 00000000 fd:00 655612                     /lib64/libnss_files-2.12.so
    7fa51f9c8000-7fa51fbc8000 ---p 0000c000 fd:00 655612                     /lib64/libnss_files-2.12.so
    7fa51fbc8000-7fa51fbc9000 r--p 0000c000 fd:00 655612                     /lib64/libnss_files-2.12.so
    7fa51fbc9000-7fa51fbca000 rw-p 0000d000 fd:00 655612                     /lib64/libnss_files-2.12.so
    7fa51fbca000-7fa51fbcb000 ---p 00000000 00:00 0
    7fa51fbcb000-7fa5205cb000 rwxp 00000000 00:00 0
    7fa5205cb000-7fa5205df000 r-xp 00000000 fd:00 1321442                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixed.5.2.lin
    7fa5205df000-7fa5207df000 ---p 00014000 fd:00 1321442                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixed.5.2.lin
    7fa5207df000-7fa5207e0000 rw-p 00014000 fd:00 1321442                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixed.5.2.lin
    7fa5207e0000-7fa5207e7000 r-xp 00000000 fd:00 1321459                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
    7fa5207e7000-7fa5209e6000 ---p 00007000 fd:00 1321459                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
    7fa5209e6000-7fa5209e7000 rw-p 00006000 fd:00 1321459                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so
    7fa5209e7000-7fa520a40000 r-xp 00000000 fd:00 1321461                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
    7fa520a40000-7fa520c3f000 ---p 00059000 fd:00 1321461                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
    7fa520c3f000-7fa520c44000 rw-p 00058000 fd:00 1321461                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so
    7fa520c44000-7fa520cad000 r-xp 00000000 fd:00 1321460                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
    7fa520cad000-7fa520ead000 ---p 00069000 fd:00 1321460                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
    7fa520ead000-7fa520eb0000 rw-p 00069000 fd:00 1321460                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_sqlite.so
    7fa520eb0000-7fa520ec6000 r-xp 00000000 fd:00 1321458                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
    7fa520ec6000-7fa5210c6000 ---p 00016000 fd:00 1321458                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
    7fa5210c6000-7fa5210c9000 rw-p 00016000 fd:00 1321458                    /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so
    7fa5210c9000-7fa52124d000 r-xp 00000000 fd:00 921828                     /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
    7fa52124d000-7fa52134c000 ---p 00184000 fd:00 921828                     /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
    7fa52134c000-7fa521372000 rw-p 00183000 fd:00 921828                     /usr/local/Zend/lib/Optimizer-3.3.9/php-5.2.x/ZendOptimizer.so
    7fa521372000-7fa521377000 rw-p 00000000 00:00 0
    7fa521377000-7fa521469000 r-xp 00000000 fd:00 921829                     /usr/local/IonCube/ioncube_loader_lin_5.2.so
    7fa521469000-7fa521569000 ---p 000f2000 fd:00 921829                     /usr/local/IonCube/ioncube_loader_lin_5.2.so
    7fa521569000-7fa521578000 rw-p 000f2000 fd:00 921829                     /usr/local/IonCube/ioncube_loader_lin_5.2.so
    7fa521578000-7fa52157b000 rw-p 00000000 00:00 0
    7fa52157b000-7fa521598000 r-xp 00000000 fd:00 655635                     /lib64/libselinux.so.1
    7fa521598000-7fa521797000 ---p 0001d000 fd:00 655635                     /lib64/libselinux.so.1
    7fa521797000-7fa521798000 r--p 0001c000 fd:00 655635                     /lib64/libselinux.so.1
    7fa521798000-7fa521799000 rw-p 0001d000 fd:00 655635                     /lib64/libselinux.so.1
    7fa521799000-7fa52179a000 rw-p 00000000 00:00 0
    7fa52179a000-7fa52179c000 r-xp 00000000 fd:00 805516                     /usr/lib64/libXau.so.6.0.0
    7fa52179c000-7fa52199c000 ---p 00002000 fd:00 805516                     /usr/lib64/libXau.so.6.0.0
    7fa52199c000-7fa52199d000 rw-p 00002000 fd:00 805516                     /usr/lib64/libXau.so.6.0.0
    7fa52199d000-7fa52199f000 r-xp 00000000 fd:00 655777                     /lib64/libkeyutils.so.1.3
    7fa52199f000-7fa521b9e000 ---p 00002000 fd:00 655777                     /lib64/libkeyutils.so.1.3
    7fa521b9e000-7fa521b9f000 r--p 00001000 fd:00 655777                     /lib64/libkeyutils.so.1.3
    7fa521b9f000-7fa521ba0000 rw-p 00002000 fd:00 655777                     /lib64/libkeyutils.so.1.3
    7fa521ba0000-7fa521baa000 r-xp 00000000 fd:00 655631                     /lib64/libkrb5support.so.0.1
    7fa521baa000-7fa521da9000 ---p 0000a000 fd:00 655631                     /lib64/libkrb5support.so.0.1
    7fa521da9000-7fa521daa000 r--p 00009000 fd:00 655631                     /lib64/libkrb5support.so.0.1
    7fa521daa000-7fa521dab000 rw-p 0000a000 fd:00 655631                     /lib64/libkrb5support.so.0.1
    7fa521dab000-7fa521dc8000 r-xp 00000000 fd:00 805584                     /usr/lib64/libxcb.so.1.1.0
    7fa521dc8000-7fa521fc8000 ---p 0001d000 fd:00 805584                     /usr/lib64/libxcb.so.1.1.0
    7fa521fc8000-7fa521fc9000 rw-p 0001d000 fd:00 805584                     /usr/lib64/libxcb.so.1.1.0
    7fa521fc9000-7fa521fe0000 r-xp 00000000 fd:00 655799                     /lib64/libaudit.so.1.0.0
    7fa521fe0000-7fa5221df000 ---p 00017000 fd:00 655799                     /lib64/libaudit.so.1.0.0
    7fa5221df000-7fa5221e0000 r--p 00016000 fd:00 655799                     /lib64/libaudit.so.1.0.0
    7fa5221e0000-7fa5221e5000 rw-p 00017000 fd:00 655799                     /lib64/libaudit.so.1.0.0
    7fa5221e5000-7fa5221fc000 r-xp 00000000 fd:00 655688                     /lib64/libpthread-2.12.so
    7fa5221fc000-7fa5223fc000 ---p 00017000 fd:00 655688                     /lib64/libpthread-2.12.so
    7fa5223fc000-7fa5223fd000 r--p 00017000 fd:00 655688                     /lib64/libpthread-2.12.so
    7fa5223fd000-7fa5223fe000 rw-p 00018000 fd:00 655688                     /lib64/libpthread-2.12.so
    7fa5223fe000-7fa522402000 rw-p 00000000 00:00 0
    7fa522402000-7fa522473000 r-xp 00000000 fd:00 655482                     /lib64/libfreebl3.so
    7fa522473000-7fa522672000 ---p 00071000 fd:00 655482                     /lib64/libfreebl3.so
    7fa522672000-7fa522674000 r--p 00070000 fd:00 655482                     /lib64/libfreebl3.so
    7fa522674000-7fa522675000 rw-p 00072000 fd:00 655482                     /lib64/libfreebl3.so
    7fa522675000-7fa522679000 rw-p 00000000 00:00 0
    7fa522679000-7fa52268f000 r-xp 00000000 fd:00 660793                     /lib64/libgcc_s-4.4.7-20120601.so.1
    7fa52268f000-7fa52288e000 ---p 00016000 fd:00 660793                     /lib64/libgcc_s-4.4.7-20120601.so.1
    7fa52288e000-7fa52288f000 rw-p 00015000 fd:00 660793                     /lib64/libgcc_s-4.4.7-20120601.so.1
    7fa52288f000-7fa522a1a000 r-xp 00000000 fd:00 655820                     /lib64/libc-2.12.so
    7fa522a1a000-7fa522c19000 ---p 0018b000 fd:00 655820                     /lib64/libc-2.12.so
    7fa522c19000-7fa522c1d000 r--p 0018a000 fd:00 655820                     /lib64/libc-2.12.so
    7fa522c1d000-7fa522c1e000 rw-p 0018e000 fd:00 655820                     /lib64/libc-2.12.so
    7fa522c1e000-7fa522c23000 rw-p 00000000 00:00 0
    7fa522c23000-7fa522d72000 r-xp 00000000 fd:00 262379                     /opt/xml2/lib/libxml2.so.2.9.0
    7fa522d72000-7fa522f71000 ---p 0014f000 fd:00 262379                     /opt/xml2/lib/libxml2.so.2.9.0
    7fa522f71000-7fa522f7b000 rw-p 0014e000 fd:00 262379                     /opt/xml2/lib/libxml2.so.2.9.0
    7fa522f7b000-7fa522f7c000 rw-p 00000000 00:00 0
    7fa522f7c000-7fa522fb8000 r-xp 00000000 fd:00 265781                     /opt/xslt/lib/libxslt.so.1.1.27
    7fa522fb8000-7fa5231b7000 ---p 0003c000 fd:00 265781                     /opt/xslt/lib/libxslt.so.1.1.27
    7fa5231b7000-7fa5231b9000 rw-p 0003b000 fd:00 265781                     /opt/xslt/lib/libxslt.so.1.1.27
    7fa5231b9000-7fa5231eb000 r-xp 00000000 fd:00 655597                     /lib64/libidn.so.11.6.1
    7fa5231eb000-7fa5233ea000 ---p 00032000 fd:00 655597                     /lib64/libidn.so.11.6.1
    7fa5233ea000-7fa5233eb000 rw-p 00031000 fd:00 655597                     /lib64/libidn.so.11.6.1
    7fa5233eb000-7fa523443000 r-xp 00000000 fd:00 262633                     /opt/curlssl/lib/libcurl.so.4.2.0
    7fa523443000-7fa523643000 ---p 00058000 fd:00 262633                     /opt/curlssl/lib/libcurl.so.4.2.0
    7fa523643000-7fa523646000 rw-p 00058000 fd:00 262633                     /opt/curlssl/lib/libcurl.so.4.2.0
    7fa523646000-7fa523649000 r-xp 00000000 fd:00 655758                     /lib64/libcom_err.so.2.1
    7fa523649000-7fa523848000 ---p 00003000 fd:00 655758                     /lib64/libcom_err.so.2.1
    7fa523848000-7fa523849000 r--p 00002000 fd:00 655758                     /lib64/libcom_err.so.2.1
    7fa523849000-7fa52384a000 rw-p 00003000 fd:00 655758                     /lib64/libcom_err.so.2.1
    7fa52384a000-7fa523873000 r-xp 00000000 fd:00 655762                     /lib64/libk5crypto.so.3.1
    7fa523873000-7fa523a73000 ---p 00029000 fd:00 655762                     /lib64/libk5crypto.so.3.1
    7fa523a73000-7fa523a74000 r--p 00029000 fd:00 655762                     /lib64/libk5crypto.so.3.1
    7fa523a74000-7fa523a75000 rw-p 0002a000 fd:00 655762                     /lib64/libk5crypto.so.3.1
    7fa523a75000-7fa523a76000 rw-p 00000000 00:00 0
    7fa523a76000-7fa523b51000 r-xp 00000000 fd:00 655766                     /lib64/libkrb5.so.3.3
    7fa523b51000-7fa523d50000 ---p 000db000 fd:00 655766                     /lib64/libkrb5.so.3.3
    7fa523d50000-7fa523d5a000 r--p 000da000 fd:00 655766                     /lib64/libkrb5.so.3.3
    7fa523d5a000-7fa523d5c000 rw-p 000e4000 fd:00 655766                     /lib64/libkrb5.so.3.3
    7fa523d5c000-7fa523d9d000 r-xp 00000000 fd:00 655614                     /lib64/libgssapi_krb5.so.2.2
    7fa523d9d000-7fa523f9d000 ---p 00041000 fd:00 655614                     /lib64/libgssapi_krb5.so.2.2
    7fa523f9d000-7fa523f9e000 r--p 00041000 fd:00 655614                     /lib64/libgssapi_krb5.so.2.2
    7fa523f9e000-7fa523fa0000 rw-p 00042000 fd:00 655614                     /lib64/libgssapi_krb5.so.2.2
    7fa523fa0000-7fa523fb6000 r-xp 00000000 fd:00 655499                     /lib64/libnsl-2.12.so
    7fa523fb6000-7fa5241b5000 ---p 00016000 fd:00 655499                     /lib64/libnsl-2.12.so
    7fa5241b5000-7fa5241b6000 r--p 00015000 fd:00 655499                     /lib64/libnsl-2.12.so
    7fa5241b6000-7fa5241b7000 rw-p 00016000 fd:00 655499                     /lib64/libnsl-2.12.so
    7fa5241b7000-7fa5241b9000 rw-p 00000000 00:00 0
    7fa5241b9000-7fa5241cf000 r-xp 00000000 fd:00 655501                     /lib64/libresolv-2.12.so
    7fa5241cf000-7fa5243cf000 ---p 00016000 fd:00 655501                     /lib64/libresolv-2.12.so
    7fa5243cf000-7fa5243d0000 r--p 00016000 fd:00 655501                     /lib64/libresolv-2.12.so
    7fa5243d0000-7fa5243d1000 rw-p 00017000 fd:00 655501                     /lib64/libresolv-2.12.so
    7fa5243d1000-7fa5243d3000 rw-p 00000000 00:00 0
    7fa5243d3000-7fa52440f000 r-xp 00000000 fd:00 262763                     /opt/pcre/lib/libpcre.so.0.0.1
    7fa52440f000-7fa52460e000 ---p 0003c000 fd:00 262763                     /opt/pcre/lib/libpcre.so.0.0.1
    7fa52460e000-7fa52460f000 rw-p 0003b000 fd:00 262763                     /opt/pcre/lib/libpcre.so.0.0.1
    7fa52460f000-7fa52461f000 r-xp 00000000 fd:00 655840                     /lib64/libbz2.so.1.0.4
    7fa52461f000-7fa52481e000 ---p 00010000 fd:00 655840                     /lib64/libbz2.so.1.0.4
    7fa52481e000-7fa524820000 rw-p 0000f000 fd:00 655840                     /lib64/libbz2.so.1.0.4
    7fa524820000-7fa52485f000 r-xp 00000000 fd:00 804102                     /usr/lib64/libjpeg.so.62.0.0
    7fa52485f000-7fa524a5f000 ---p 0003f000 fd:00 804102                     /usr/lib64/libjpeg.so.62.0.0
    7fa524a5f000-7fa524a60000 rw-p 0003f000 fd:00 804102                     /usr/lib64/libjpeg.so.62.0.0
    7fa524a60000-7fa524a70000 rw-p 00000000 00:00 0
    7fa524a70000-7fa524a95000 r-xp 00000000 fd:00 805482                     /usr/lib64/libpng12.so.0.49.0
    7fa524a95000-7fa524c95000 ---p 00025000 fd:00 805482                     /usr/lib64/libpng12.so.0.49.0
    7fa524c95000-7fa524c96000 rw-p 00025000 fd:00 805482                     /usr/lib64/libpng12.so.0.49.0
    7fa524c96000-7fa524ca7000 r-xp 00000000 fd:00 805380                     /usr/lib64/libXpm.so.4.11.0
    7fa524ca7000-7fa524ea6000 ---p 00011000 fd:00 805380                     /usr/lib64/libXpm.so.4.11.0
    7fa524ea6000-7fa524ea7000 rw-p 00010000 fd:00 805380                     /usr/lib64/libXpm.so.4.11.0
    7fa524ea7000-7fa524fde000 r-xp 00000000 fd:00 802526                     /usr/lib64/libX11.so.6.3.0
    7fa524fde000-7fa5251de000 ---p 00137000 fd:00 802526                     /usr/lib64/libX11.so.6.3.0
    7fa5251de000-7fa5251e4000 rw-p 00137000 fd:00 802526                     /usr/lib64/libX11.so.6.3.0
    7fa5251e4000-7fa52527c000 r-xp 00000000 fd:00 805615                     /usr/lib64/libfreetype.so.6.3.22
    7fa52527c000-7fa52547b000 ---p 00098000 fd:00 805615                     /usr/lib64/libfreetype.so.6.3.22
    7fa52547b000-7fa525481000 rw-p 00097000 fd:00 805615                     /usr/lib64/libfreetype.so.6.3.22
    7fa525481000-7fa52548d000 r-xp 00000000 fd:00 655675                     /lib64/libpam.so.0.82.2
    7fa52548d000-7fa52568d000 ---p 0000c000 fd:00 655675                     /lib64/libpam.so.0.82.2
    7fa52568d000-7fa52568e000 r--p 0000c000 fd:00 655675                     /lib64/libpam.so.0.82.2
    7fa52568e000-7fa52568f000 rw-p 0000d000 fd:00 655675                     /lib64/libpam.so.0.82.2
    7fa52568f000-7fa525844000 r-xp 00000000 fd:00 797078                     /usr/lib64/libcrypto.so.1.0.1e
    7fa525844000-7fa525a44000 ---p 001b5000 fd:00 797078                     /usr/lib64/libcrypto.so.1.0.1e
    7fa525a44000-7fa525a5f000 r--p 001b5000 fd:00 797078                     /usr/lib64/libcrypto.so.1.0.1e
    7fa525a5f000-7fa525a6b000 rw-p 001d0000 fd:00 797078                     /usr/lib64/libcrypto.so.1.0.1e
    7fa525a6b000-7fa525a6f000 rw-p 00000000 00:00 0
    7fa525a6f000-7fa525ad0000 r-xp 00000000 fd:00 804141                     /usr/lib64/libssl.so.1.0.1e
    7fa525ad0000-7fa525cd0000 ---p 00061000 fd:00 804141                     /usr/lib64/libssl.so.1.0.1e
    7fa525cd0000-7fa525cd4000 r--p 00061000 fd:00 804141                     /usr/lib64/libssl.so.1.0.1e
    7fa525cd4000-7fa525cdb000 rw-p 00065000 fd:00 804141                     /usr/lib64/libssl.so.1.0.1e
    7fa525cdb000-7fa525ce4000 r-xp 00000000 fd:00 801404                     /usr/lib64/libltdl.so.7.2.1
    7fa525ce4000-7fa525ee3000 ---p 00009000 fd:00 801404                     /usr/lib64/libltdl.so.7.2.1
    7fa525ee3000-7fa525ee4000 rw-p 00008000 fd:00 801404                     /usr/lib64/libltdl.so.7.2.1
    7fa525ee4000-7fa525f0e000 r-xp 00000000 fd:00 265730                     /opt/libmcrypt/lib/libmcrypt.so.4.4.8
    7fa525f0e000-7fa52610d000 ---p 0002a000 fd:00 265730                     /opt/libmcrypt/lib/libmcrypt.so.4.4.8
    7fa52610d000-7fa526111000 rw-p 00029000 fd:00 265730                     /opt/libmcrypt/lib/libmcrypt.so.4.4.8
    7fa526111000-7fa526116000 rw-p 00000000 00:00 0
    7fa526116000-7fa526141000 r-xp 00000000 fd:00 265753                     /opt/mhash/lib/libmhash.so.2.0.1
    7fa526141000-7fa526340000 ---p 0002b000 fd:00 265753                     /opt/mhash/lib/libmhash.so.2.0.1
    7fa526340000-7fa526341000 rw-p 0002a000 fd:00 265753                     /opt/mhash/lib/libmhash.so.2.0.1
    7fa526341000-7fa526619000 r-xp 00000000 fd:00 787890                     /usr/lib64/libmysqlclient.so.18.0.0
    7fa526619000-7fa526818000 ---p 002d8000 fd:00 787890                     /usr/lib64/libmysqlclient.so.18.0.0
    7fa526818000-7fa52689c000 rw-p 002d7000 fd:00 787890                     /usr/lib64/libmysqlclient.so.18.0.0
    7fa52689c000-7fa5268a1000 rw-p 00000000 00:00 0
    7fa5268a1000-7fa5268a2000 r-xp 00000000 fd:00 805910                     /usr/lib64/libpspell.so.15.1.4
    7fa5268a2000-7fa526aa1000 ---p 00001000 fd:00 805910                     /usr/lib64/libpspell.so.15.1.4
    7fa526aa1000-7fa526aa2000 rw-p 00000000 fd:00 805910                     /usr/lib64/libpspell.so.15.1.4
    7fa526aa2000-7fa526b54000 r-xp 00000000 fd:00 805908                     /usr/lib64/libaspell.so.15.1.4
    7fa526b54000-7fa526d54000 ---p 000b2000 fd:00 805908                     /usr/lib64/libaspell.so.15.1.4
    7fa526d54000-7fa526d5b000 rw-p 000b2000 fd:00 805908                     /usr/lib64/libaspell.so.15.1.4
    7fa526d5b000-7fa526d63000 rw-p 00000000 00:00 0
    7fa526d63000-7fa526db9000 r-xp 00000000 fd:00 265765                     /opt/tidy/lib/libtidy-0.99.so.0.0.0
    7fa526db9000-7fa526fb9000 ---p 00056000 fd:00 265765                     /opt/tidy/lib/libtidy-0.99.so.0.0.0
    7fa526fb9000-7fa526fc2000 rw-p 00056000 fd:00 265765                     /opt/tidy/lib/libtidy-0.99.so.0.0.0
    7fa526fc2000-7fa526fe8000 r-xp 00000000 fd:00 655812                     /lib64/libexpat.so.1.5.2
    7fa526fe8000-7fa5271e7000 ---p 00026000 fd:00 655812                     /lib64/libexpat.so.1.5.2
    7fa5271e7000-7fa5271ea000 rw-p 00025000 fd:00 655812                     /lib64/libexpat.so.1.5.2
    7fa5271ea000-7fa5271f1000 r-xp 00000000 fd:00 655637                     /lib64/librt-2.12.so
    7fa5271f1000-7fa5273f0000 ---p 00007000 fd:00 655637                     /lib64/librt-2.12.so
    7fa5273f0000-7fa5273f1000 r--p 00006000 fd:00 655637                     /lib64/librt-2.12.so
    7fa5273f1000-7fa5273f2000 rw-p 00007000 fd:00 655637                     /lib64/librt-2.12.so
    7fa5273f2000-7fa5273f4000 r-xp 00000000 fd:00 655830                     /lib64/libdl-2.12.so
    7fa5273f4000-7fa5275f4000 ---p 00002000 fd:00 655830                     /lib64/libdl-2.12.so
    7fa5275f4000-7fa5275f5000 r--p 00002000 fd:00 655830                     /lib64/libdl-2.12.so
    7fa5275f5000-7fa5275f6000 rw-p 00003000 fd:00 655830                     /lib64/libdl-2.12.so
    7fa5275f6000-7fa527679000 r-xp 00000000 fd:00 655492                     /lib64/libm-2.12.so
    7fa527679000-7fa527878000 ---p 00083000 fd:00 655492                     /lib64/libm-2.12.so
    7fa527878000-7fa527879000 r--p 00082000 fd:00 655492                     /lib64/libm-2.12.so
    7fa527879000-7fa52787a000 rw-p 00083000 fd:00 655492                     /lib64/libm-2.12.so
    7fa52787a000-7fa52788c000 r-xp 00000000 fd:00 265814                     /opt/xslt/lib/libexslt.so.0.8.16
    7fa52788c000-7fa527a8c000 ---p 00012000 fd:00 265814                     /opt/xslt/lib/libexslt.so.0.8.16
    7fa527a8c000-7fa527a8d000 rw-p 00012000 fd:00 265814                     /opt/xslt/lib/libexslt.so.0.8.16
    7fa527a8d000-7fa527aa2000 r-xp 00000000 fd:00 655776                     /lib64/libz.so.1.2.3
    7fa527aa2000-7fa527ca1000 ---p 00015000 fd:00 655776                     /lib64/libz.so.1.2.3
    7fa527ca1000-7fa527ca2000 r--p 00014000 fd:00 655776                     /lib64/libz.so.1.2.3
    7fa527ca2000-7fa527ca3000 rw-p 00015000 fd:00 655776                     /lib64/libz.so.1.2.3
    7fa527ca3000-7fa527caa000 r-xp 00000000 fd:00 655673                     /lib64/libcrypt-2.12.so
    7fa527caa000-7fa527eaa000 ---p 00007000 fd:00 655673                     /lib64/libcrypt-2.12.so
    7fa527eaa000-7fa527eab000 r--p 00007000 fd:00 655673                     /lib64/libcrypt-2.12.so
    7fa527eab000-7fa527eac000 rw-p 00008000 fd:00 655673                     /lib64/libcrypt-2.12.so
    7fa527eac000-7fa527eda000 rw-p 00000000 00:00 0
    7fa527eda000-7fa527fc2000 r-xp 00000000 fd:00 801392                     /usr/lib64/libstdc++.so.6.0.13
    7fa527fc2000-7fa5281c2000 ---p 000e8000 fd:00 801392                     /usr/lib64/libstdc++.so.6.0.13
    7fa5281c2000-7fa5281c9000 r--p 000e8000 fd:00 801392                     /usr/lib64/libstdc++.so.6.0.13
    7fa5281c9000-7fa5281cb000 rw-p 000ef000 fd:00 801392                     /usr/lib64/libstdc++.so.6.0.13
    7fa5281cb000-7fa5281e0000 rw-p 00000000 00:00 0
    7fa5281e0000-7fa528200000 r-xp 00000000 fd:00 655476                     /lib64/ld-2.12.so
    7fa5283de000-7fa5283f4000 rw-p 00000000 00:00 0
    7fa5283fd000-7fa5283ff000 rw-p 00000000 00:00 0
    7fa5283ff000-7fa528400000 r--p 0001f000 fd:00 655476                     /lib64/ld-2.12.so
    7fa528400000-7fa528401000 rw-p 00020000 fd:00 655476                     /lib64/ld-2.12.so
    7fa528401000-7fa528402000 rw-p 00000000 00:00 0
    7fff8d3b0000-7fff8d3d2000 rwxp 00000000 00:00 0                          [stack]
    7fff8d3ff000-7fff8d400000 r-xp 00000000 00:00 0                          [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. duobilisim

    duobilisim Member

    Joined:
    Jan 6, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks i know its coming from CSF but, i want to learn what process causing this, adding /usr/bin/php to csf.pignore is not good idea i think.

    its connecting from udp: myserverip:randomport to 4.2.2.2:53 from different user accounts. What process causing this, i am going to add it to csf.pignore
     
  4. iserversupport

    iserversupport Well-Known Member

    Joined:
    Nov 4, 2013
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
    You can grep with the Process ID (PID) to get more information about the process.

    Try this ps -aux | grep PID
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. duobilisim

    duobilisim Member

    Joined:
    Jan 6, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    i did ps aux result was

    /usr/bin/php

    too see what files are open

    ls -l /proc/7431/fd

    Result:
    Code:
    
    total 0
    dr-x------ 2 kenal kenal  0 May  8 00:13 ./
    dr-xr-xr-x 7 kenal kenal  0 May  8 00:12 ../
    lrwx------ 1 kenal kenal 64 May  8 00:13 0 -> socket:[104920]
    l-wx------ 1 kenal kenal 64 May  8 00:13 1 -> /usr/local/apache/logs/error_log
    l-wx------ 1 kenal kenal 64 May  8 00:13 2 -> /usr/local/apache/logs/error_log
    lr-x------ 1 kenal kenal 64 May  8 00:13 48 -> pipe:[104164]
    l-wx------ 1 kenal kenal 64 May  8 00:13 53 -> pipe:[104165]
    
    
    i cant find what is causing this :/
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice